Netlogin 802.1x with Radius - Help please

Localhost
New Contributor II

Hi,

I have configured using this guide:

https://extremeportal.force.com/ExtrArticleDetail?an=000081809

The NPS is configured as per the above document.

This is the config in the switch:

create vlan AuthVLAN
configure vlan AuthVLAN tag 10

configure netlogin vlan AuthVLAN
enable netlogin dot1x
enable netlogin ports 3:33 dot1x
configure netlogin ports 3:33 mode port-based-vlans
configure netlogin ports 3:33 no-restart

configure radius netlogin primary server MYRADIUS 1812 client-ip MYSWITCH vr VR-Default
configure radius netlogin primary shared-secret encrypted PASSWORD
enable radius netlogin

But when I connect my cable on port 3:33 nothing happens; I go straight to the VLAN that was configured on the port previously.

I confirm that the switch can see the RADIUS server and vice versa. Show radius shows 0 packets sent. It looks like it does not care that I connect a cable to 3:33; it does not even try to look for the RADIUS server.

Ideas?

thanks

12 REPLIES 12

Localhost
New Contributor II
Update: I gave up. Tried with GTAC as well, they couldn't figure it out either. Maybe changing the software might fix it, but this is not an option for me. I resolved it by moving the authentication to other devices. But thanks everybody.

Localhost
New Contributor II
Update: I understand you won't be able to ping the VLAN interface if it is set to netlogin. I still don't get redirected automatically, but if I put the DNS name of the switch (the one configured as the base URL) I get to a screenplay page (which is blank). If I put /login nothing happens.

thanks

Localhost
New Contributor II
Hi, thanks.

I have tried that but the documentation is not very clear:

- After I configured everything, I connect the cable to the port configured for netlogin. I get an IP on that temporary VLAN. I can resolve the switch DNS name if I ping it.

- I open a browser; if I put a random URL, nothing happens. I was expecting to get redirected to the myswitch/login page.

- If I manually specify the URL (like myswitch/login) the custom webpage appears. I put user/pass, nothing happens. I cannot see user/pass sent to RADIUS.

Basically I am stuck here.

thanks

dflouret
Extreme Employee
Localhost,

Network Login works in two different ways: ISP mode and Campus mode.

In ISP mode, ports are pre-assigned to a VLAN but user access to that VLAN is restricted until the user is correctly authenticated. When this happens, the user can access the VLAN configured for that port. The RADIUS server entry for that user should include an Extreme-Netlogin-Only = Enabled entry. This value in the Access-Accept response will indicate to EXOS that the user should be allowed to access whatever VLAN is configured for the port where the user is connecting.

In Campus mode, the VLAN where the user will be placed is defined by the RADIUS response. The RADIUS server entry for that user should include an Extreme-Netlogin-Vlan = "" entry. This value in the Access-Accept response will indicate to EXOS that the port where the user has authenticated should be moved to the VLAN included in the response.

For more detail, please look at chapter 28: Network Login in the EXOS User Guide.
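
The check below is an added example, not part of the reply above and not Extreme's code: it decodes the Extreme vendor-specific attributes in a captured Access-Accept and reports whether the reply selects ISP or Campus mode. The vendor ID 1916 and attribute numbers 203 and 206 are assumptions taken from the FreeRADIUS Extreme dictionary (verify them against the EXOS User Guide), and `build_accept` only produces constructed sample packets.

```python
import struct

# Assumptions (not from this thread): Extreme's enterprise number and the
# vendor attribute numbers as listed in the FreeRADIUS Extreme dictionary.
EXTREME_VENDOR_ID = 1916
NETLOGIN_VLAN = 203   # Extreme-Netlogin-Vlan, string
NETLOGIN_ONLY = 206   # Extreme-Netlogin-Only, integer (1 = Enabled)
ACCESS_ACCEPT, VENDOR_SPECIFIC = 2, 26

def extreme_vsas(packet):
    """Return (code, {vendor_type: value}) for Extreme VSAs in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match packet")
    found, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, sub = struct.unpack("!I", value[:4])[0], value[4:]
            while vendor == EXTREME_VENDOR_ID and len(sub) >= 2:
                if sub[1] < 2 or sub[1] > len(sub):
                    raise ValueError("malformed vendor sub-attribute")
                found[sub[0]] = sub[2:sub[1]]
                sub = sub[sub[1]:]
        pos += alen
    return code, found

def netlogin_mode(packet):
    """Say which Network Login mode the reply would select."""
    code, vsas = extreme_vsas(packet)
    if code != ACCESS_ACCEPT:
        return "not an Access-Accept"
    if vsas.get(NETLOGIN_VLAN):
        return "campus: move port to VLAN " + vsas[NETLOGIN_VLAN].decode()
    if vsas.get(NETLOGIN_ONLY) == struct.pack("!I", 1):
        return "isp: keep the VLAN configured on the port"
    return "no Extreme netlogin attribute in reply"

def build_accept(vsas):
    """Constructed sample: Access-Accept with a zeroed authenticator."""
    attrs = b""
    for vtype, val in vsas:
        sub = bytes([vtype, len(val) + 2]) + val
        attrs += bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", EXTREME_VENDOR_ID) + sub
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs
```

Feed `netlogin_mode` the UDP payload of the server's reply from a packet capture; a result of "no Extreme netlogin attribute in reply" points at the RADIUS policy rather than the switch.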
